SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for nexus3-3.61.0.02-112.1.x86_64.rpm :

* Thu Oct 12 2023 J. Daniel Schmidt - 3.61.0.02-2- Fix the macro for the service removal so the package builds again for openSUSE Tumbleweed and Factory
* Wed Oct 04 2023 Julio González Gil - 3.61.0.02-1- Update to Nexus 3.61.0-02- Bugfixing:
* NEXUS-40135: Fixed an issue that was causing upgrade errors to 3.59.0 or 3.60.0 when user tokens existed in earlier Sonatype Nexus Repository versions with the exact same user ID but different principals (security realms). Noted as a known issue in 3.59.0 and 3.60.0
* NEXUS-39995: Resolved an issue that was preventing administrator users from generating support zips
* NEXUS-39973: Fixed an issue that was causing Docker proxy or group repositories to return a 404 error even though the remote returned the correct manifest
* NEXUS-39624: The task for migrating the blobRef assets field now handles blob_ref duplicates correctly
* NEXUS-38800: AssetBlobCleanupTask now works as expected; the number of threads eventually stays around the same number as expected
* NEXUS-38530: Blob store metrics now update as expected after HA migration
* NEXUS-38292: Improved repository import task memory efficiency so that imports will not fail with out-of-memory errors even with large import sets
* NEXUS-36697: Made changes to the Admin - Delete blob store temporary files task to prevent it accidentally deleting in-use tmp files
* NEXUS-23185: Made improvements for those using Sonatype Nexus Repository with Sonatype Repository Firewall to prevent overloading IQ Server with asset deletion requests- Improvements:
* New OpenShift Operator for PostreSQL and High Availability Deployments (PRO Only)
* Change Repository Blobstore Task Supports Proxy Repositories (PRO Only)
* Policy-Compliant Component Selection for PyPI (PRO Only)
* Azure Blob Store Performance Improvements (PRO Only)
* Sonatype Nexus Repository Usage Metrics (not currently available for High Availability deployments)
* Improved Security When Specifying Credentials as JVM Arguments. Ensure that sensitive credentials are always masked in any location where they may appear
* Fri Sep 08 2023 Julio González Gil - 3.60.0.02-1- Update to Nexus 3.60.0-02- Bugfixing:
* NEXUS-40141: Fixed the previously reported \"Repair - Reconcile component database from blob store task\" issue. The bug caused the task to soft-delete the blob .properties and .bytes files for NuGet v2 proxy and hosted repositories. It also failed to restore the desired content for RubyGems, NuGet v2 (proxy or hosted), or P2 repositories; however, there was no soft deletion associated with RubyGems or P2 repositories
* NEXUS-39918: Clarified search restrictions in high availability environments to explain that searches cannot begin with a special character followed by a wildcard. Attempts to perform such seareches will now result in appropriate descriptive messaging
* NEXUS-39825: NuGet v3 search now returns the complete list of component versions even when the component name has a dot after a digit
* NEXUS-38670: Improved Apt upload performance and speed
* NEXUS-37537: The lastDownloaded attribute for hosted Helm assets now updates as expected in deployments using PostgreSQL or H2
* NEXUS-37024: The Global Webhook capability with Audit Type now works as expected- Improvements:
* Support for Cocoapods Stored on Google Open Source
* Refactored caching for deployments using Atlassian Crowd to improve performance and avoid calls to Crowd Server every time user information is needed. This refactoring also enables caching and improves performance for formats using bearer token realms (i.e., Conan, Docker, and npm formats). You must enable the Crowd realm for this to take effect (PRO Only)
* Wed Aug 16 2023 Julio González Gil - 3.59.0.01-1- Update to Nexus 3.59.0-01- Bugfixing:
* Apache shiro upgraded from 1.10.0 to 1.12.0 to mitigate CVE-2023-34478
* SnakeYaml upgraded from 1.33 to 2.0 to mitigate CVE-2022-1471
* Sonatype recently became aware of a bug impacting those using user tokens for authentication. To address potential security concerns, user token authentication methods were enhanced to ensure that user tokens are always case-sensitive regardless of security realm or database used
* NEXUS-39797: Resolved an issue that was causing some components to not be indexed for search in HA deployments
* NEXUS-39774 & 39573: Using the Search API to return Maven assets with an empty maven.classifier now works as expected
* NEXUS-39255 The Conan v2 remote list command to retrieve revisions performs as expected without a 500 error
* NEXUS-36486 The blobCreated date is now preserved when migrating to PostgreSQL
* NEXUS-36415 Adjusted handling in cases where invalid content violating metadata format is cached in a proxy repository
* NEXUS-35977 Improved error messaging and documentation related to requesting files from a R format repository. See our updated R repositories documentation for supported file types- Improvements:
* Support for password encoders like SHA-256, SHA-384, and SHA-512 for those using LDAP authentication
* To help facilitate debugging outbound network problems, an outbound request log that generates an outbound-request.log file in the $data-dir/log directory is now provided. The outbound request log rotates daily, maintains 90 days of log files by default, and compresses old logs. The log includes information such as date/time, authenticated user id, method, url, response status code, bytes sent, bytes received, and response time
* To help troubleshoot content selector issues, the audit log ($data-dir/log/audit/audit.log) is now expanded to log content selector creation, update, or deletion
* Tue Jul 25 2023 Julio González Gil - 3.58.1.01-1- Update to Nexus 3.58.1-01- Bugfixing:
* Critical Fix for 3.57.0 and 3.58.0 deployments Using Sonatype Repository Firewall. This bug could allow for users to unintentionally download quarantined components
* Tue Jul 18 2023 Julio González Gil - 3.58.0.01-1- Update to Nexus 3.58.0-01- Bugfixing:
* NEXUS-39766: Docker Subdomain connectors work with nGrok again as expected
* NEXUS-39415: Added logging for and made \"Rubygems - Generate SHA256 Checksums and Repair - Update attributes for RubyGems\" tasks configurable via the user interface. See the Tasks documentation for details on these tasks- Improvements:
* Restored \"Admin - Change repository blob store\"Task for deployments using PostgreSQL or H2, after it got disabled in 3.45.0, due to multiple issues that could result in data loss (PRO Only)
* Fri Jul 07 2023 Julio González Gil - 3.57.0.01-1- Update to Nexus 3.57.0-01- Bugfixing:
* NEXUS-24088: You can now properly remove an S3 blob store from a group even when it references an S3 bucket that is no longer accessible; such blob stores no longer cause UI errors
* NEXUS-24726: You can now search for components with an empty group or npm.scope
* NEXUS-27710: Fixed errors that were sporadically preventing startup in some cases due to a corrupted org.apache.karaf.features.cfg file
* NEXUS-29638: Downloading a pom.xml that uses unicode characters no longer fails due to calling getBytes without using UTF8
* NEXUS-31461: Searching for Maven versions now returns versions in alpha-numeric order as expected
* NEXUS-31492: Raw proxy URL no longer encodes special characters for outbound requests
* NEXUS-35917: The Repair - Reconcile component database from blob store task with only Integrity Check option selected now removes stale objects from S3 blob stores as expected
* NEXUS-36599: Browse privileges are no longer required to execute a NuGet search; only Read is needed
* NEXUS-38662: Deleting large repositories is no longer impeded by errors where Sonatype Nexus Repository looks for repository_blobstore in the component database
* NEXUS-38791: Running a search for Maven assets in an HA environment now returns the versions in descending order
* NEXUS-38851: npm exports no longer skip assets with an application/x-tgz content type
* NEXUS-39169: The permissions required for the search API are now consistent between HA and non-HA environments. Searching a group repository from the API only requires the user to have read permissions for the group- Improvements:
* Added a Default Role alert to inform administrators when the Default Role capability is enabled and what role is configured as the default role granted to all authenticated users
* Multiple UX enhancements, including a new Blob Store column in the Repositories table and a sortable Last Updated column to Search results
* Improvements in Support of Sonatype Repository Firewall to ensure HA Sonatype Nexus Repository deployments can support the new Sonatype Repository Firewall SaaS offering. Added validation to ensure that Sonatype Nexus Repository and Firewall only exchange information when Firewall configuration is enabled to avoid data becoming out of syn Renamed the Component IQ and IQ Application fields in the component browse view to Sonatype Lifecycle Component and Application respectively Modified the policy-compliant component selection checkbox so that it is disabled until and unless both the Firewall - Audit and Quarantine capability is enabled and the Enable Quarantine checkbox that appears within that capability is checked. This is to prevent Sonatype Nexus Repository from getting into an inconsistent state with the Firewall server
* Mon Jul 03 2023 Julio González Gil - 3.56.0.01-1- Update to Nexus 3.56.0-01- Bugfixing:
* The Repair - Rebuild npm metadata task now rebuilds npm package metadata as expected
* When migrating from Sonatype Nexus Repository 2 to 3, broken NuGet assets will no longer prevent completing migration. Sonatype Nexus Repository will provide an error message and log an exception for broken NuGet assets. Migration will continue and Sonatype Nexus Repository 3 will migrate valid NuGet assets as expected
* Enabling the IQ: Audit and Quarantine capability in Sonatype Nexus Repository 2 will no longer cause migration to Sonatype Nexus Repository 3 to hang
* PyPI simple index is rebuilt as expected after a staging move
* Repositories already using a blobstore that is then promoted to a group blobstore will continue to function as expected
* Performing \"conan search zlib/
*\" on a hosted repository in a high availability environment works as expected
* Calling \"info/rater_pdf\" only returns versions of the rater_pdf gem as expected- Improvements:
* Search Improvement for High Availability (HA) Enviornments (PRO Only) To ensure you receive the most accurate and usable information, a small aspect of component search was changed for those using one of our HA deployment options. You will now see the latest modification date from among all asset blobs assigned to a component in the Last Updated column. Previously, the component\'s creation date appeared in this column
* In order to prevent unreasonable wait times, a 1-minute timeout was added to the Cleanup Policy preview featureAWs me-central-1 region now appears as an option when creating an S3 blobstore.
* Sun Jul 02 2023 Julio González Gil - 3.55.0.01-1- Update to Nexus 3.55.0-01- Bugfixing:
* The Standard request timeout and Extended request timeout fields in the UI:Settings capability are now properly updated when upgrading from older versions
* Sonatype Nexus Repository now supports Yum repositories using the caret (^) character in RPM names
* Staging move respects the Allow redeploy only on \'latest\' tag setting as expected
* Subdomain routing now reflects the nexus-context-path
* NuGet v3 search in non-HA environments now return components that have a dot after a digit. Note that search works differently in HA, and we are still investigating a fix for HA environments- Improvements:
* Fluentbit, External DNS, and the Docker Ingress and service are now all optional in the Helm chart for a resilient Sonatype Nexus Repository deployment in AWS (PRO Only)
* /v2/users/authenticate Conan endpoint for hosted Conan repositories on Sonatype Nexus Repository deployments using H2 or PostgreSQL databases (PRO Only)
* Streamlined Experience for Those Using Sonatype Repository Firewall
* Quick Actions on Welcome Page, list of quick actions depends on the permissions for each user
* Sun Jul 02 2023 Julio González Gil - 3.54.1.01-1- Update to Nexus 3.54.1-01- Bugfixing:
* Added recently provided patch fixing the GroovyCastException that was occurring when installing the nexus gem
* Fixed the known issue from 3.53.0 for those using community or custom plugins. These plugins now load as expected.
* Added validation so that users can only add valid content selector privileges
* NEXUS-37518: Fixed an issue that was causing errors when running the \"Docker - Delete unused manifests and images\" task
* NEXUS-38740: Fixed an issue that was preventing NuGet v3 search from returning components with \".\" in the component name under some search conditions
* Plugins bundled as .kar files that are installed via $install-dir/deploy now start as expected
* Updated documentation to better explain how metadata is impacted during repository import- Improvements:
* Refreshed Outreach Page
* Export Unused Assets (PRO Only)
* The IQ Audit and Quarantine capability was renamed to Firewall Audit and Quarantine and hidden the IQ Server Configuration capability from the Capabilities screen. Functionality is not impacted, and you will still configure your connection to IQ Server via the IQ Server tab in the user interface
* Sat May 13 2023 Julio González Gil - 3.53.1.02-1- Update to Nexus 3.53.1-02- Bugfixing:
* NEXUS-39091: Concurrent event handling and asynchronous processing works as expected for RubyGems
* Fixed an issue that was causing the RubyGems Info API to work with incorrect groups
* Fixed a paging issue on OrientDB for RubyGems upgrade tasks
* Fixed a GroovyCastException that was occurring when installing the nexus gem
* Resolved an issue for those using OrientDB where, if a package was uploaded while a rebuild was in progress, it may result in missing a package until the next upload
* Fixed an issue that was causing an exception when running the \"Repair - Rebuild Rubygems versions file\" task- It is possible that you may still encounter issues related to the RubyGems Dependencies API deprecation even after upgrading to 3.53.1 Sonatype observed packaging inconsistencies in the RubyGems ecosystem that leave required fields missing or with values that are non-conforming to spec In these scenarios, Sonatype Nexus Repository is unable to properly store the gem or complete normal operations In 3.53.0 and earlier, this error would occur with a 500 error and not enough data being provided in the log file to identify the specific gem In 3.53.1, gems that have this gap will be reported in the \"nexus.log\" file with a log line like the following: 2023-05-12 12:20:32,043-0500 WARN [quartz-11-thread-2]
*SYSTEM org.sonatype.nexus.repository.rubygems.orient.internal.hosted.OrientGemInfoHostedFacet - Could not parse version 0.2.2 from gem gems/nexus-0.2.2.gem Please report such problems to Sonatype so they can properly address non-conforming gems in future releases
* Thu May 11 2023 Julio González Gil - 3.53.0.01-2- There is a known issue in Sonatype Nexus Repository 3.53.0 impacting those using community or custom plugins. These plugins will not load from the typical install directory and, in some cases, this may prevent Sonatype Nexus Repository from starting. If you are using community or custom plugins and wish to upgrade, remove the plugin before doing so. Otherwise, wait to upgrade until a fix is released this issue. If you are not using community or custom plugins, upgrading is safe
* Sat May 06 2023 Julio González Gil - 3.53.0.01-1- Update to Nexus 3.53.0-01- Bugfixing:
* NEXUS-17626: rubygems /versions endpoint not implemented resulting in performance issues installing gems
* NEXUS-20429: incomplete gem metadata returned sometimes from /api/v1/dependencies
* NEXUS-25408: Using 0 in \"Authenticated user status interval\" disables buttons after logging in
* NEXUS-31023: npm metadata request fails with \"Missing blob and no handler set to recover\"
* NEXUS-31286: nexus.datastore system properties do not overwrite values in nexus-store.properties file
* NEXUS-31635: Repository REST API allows invalid version policy value for Maven repo
* NEXUS-35728: New Nexus Repository Manager 3 image breaks \"kubectl cp\" and \"oc cp\" commands
* NEXUS-37958: Blob store health check fails reporting group blobstores as not writable
* NEXUS-38452: RubyGems.org /api/v1/dependencies API removal may cause empty 200 status responses from groups which can then fail builds
* NEXUS-38579: Expensive search done for deleted assets after repository is removed
* NEXUS-38585: Conan hosted repo search does not return all deployed components when conan attributes contain special characters and using elasticsearch indexing
* Upgraded org.apache.karaf.jaas:org.apache.karaf.jaas.modules package from 4.3.6 to 4.3.9 due to a vulnerability. There are no known exploits of this vulnerability, so the this upgrade happens out of an abundance of caution- Improvements:
* NEXUS-31225: Add support for rubygems compact_index /info/ endpoint
* Change in Database Property Evaluation Priority when Using PostgreSQL (PRO Only) To help you more easily change database connection details, there are changes in the way and order in which Sonatype Nexus Repository evaluates the mechanism for evaluating this information. You will also need to provide all required fields through the same mechanism
* Fix for RubyGems Dependency API Deprecation: RubyGems will deprecate its dependency API as of May 10, 2023. Those using RubyGems will need to upgrade to Sonatype Nexus Repository 3.53.0 by May 10 to avoid encountering errors caused by this deprecation
* New Name (Sonatype Nexus Repository) & UI Changes. Functionality is not impacted
* Wed Apr 19 2023 Julio González Gil - 3.52.0.01-1- Update to Nexus 3.52.0-01- Bugfixing:
* NEXUS-24266: Trim SAML UI Input Fields
* NEXUS-27453: The user ID field in \"security --> anonymous\" allows trailing spaces
* NEXUS-33918: Deleting tag via REST API UI returns \"error: no content\"
* NEXUS-34185: Nexus UI does not show \'Last downloaded\' with full time and timezone details
* NEXUS-34566: Deleting an image tag deletes all tags with the same digest from other images
* NEXUS-34611: user-token-reset API execution in Nexus Swagger UI returns \'Error: No Content\'
* NEXUS-35509: Improve search performance with large Roles and Privileges: OrientDB
* NEXUS-36480: Improve robustness and logging for Null Pointer handling in Docker.GC task
* NEXUS-37491: Pypi proxy always does expensive rewrite of simple index pages
* NEXUS-38412: Resetting the nexus loggers to default levels causes \"IllegalArgumentException: The level of the root logger cannot be set to null\" with New HA deployments
* Thu Apr 06 2023 Julio González Gil - 3.51.0.01-1- Update to Nexus 3.51.0-01- Bugfixing:
* NEXUS-31948: Attempting to create Azure blob store with an existing name causes 500 server error
* NEXUS-34077: scheduled tasks race condition during DB migration can leave tasks without proper schedule
* NEXUS-34599: Status API execution via Nexus Swagger UI returns Undocumented Error: OK
* NEXUS-35229: Reconcile task with last X days option checks all properties files
* NEXUS-35728: kubectl cp and oc cp commands work as expected.
* NEXUS-36296: Placing proxy repo in offline mode releases quarantined components
* NEXUS-36416: MissingBlobException for Nuget asset prevents instance from starting
* NEXUS-36817: Increase default size limit for helm yaml files
* NEXUS-37005: Blob store UI will not load if s3 blob store host can\'t be reached
* NEXUS-37639: Docker manifest upload to a docker hosted repository causes missing \"Docker-Content-Digest\" in the response when Nexus running with PostgreSQL db- Improvements:
* Automatically Rebuild Search Indexes for New High Availability (HA) Deployments (PRO Only)
* UI/UX: Better error messaging when configuring Content (PRO only)
* UI/UX: Increasing the size of the routing rule preview field on the routing rule form so that you can see the full path that you enter
* UI/UX: Continued conversion of parts of our UI to use React components See https://help.sonatype.com/repomanager3/product-information/release-notes/2023-release-notes/nexus-repository-3.46.0-release-notes for more information on this effort
* Tue Mar 28 2023 Julio González Gil - 3.50.0.01-1- Update to Nexus 3.50.0-01- Bugfixing:
* NEXUS-22721: UI sign out/logout does not redirect to the default page
* NEXUS-25037: UNAVAILABLE repository status creates confusing user experiencie
* NEXUS-27530: proxying nested repodata/repomd.xml from remote YUM repositories causes automatic download attempt of primary.xml.gz at wrong remote path
* NEXUS-30939: New user token created every time a user clicks the Access token button
* NEXUS-33794: LogbackLogManager ERROR and WARN messages about missing log files lack context and log at the wrong level
* NEXUS-34022: Unable to unassign Routing Rules to a repository via Nexus UI
* NEXUS-35497: Staging move fails if some image layers are contained in a proxy repository
* NEXUS-36365: Blob store names can contain arbitrary characters and lack full validation leading to blobstores which cannot be used, deleted or accessed using REST API
* NEXUS-36590: Choco installs a different package when using Nuget V2 with PostgreSQL
* NEXUS-36955: Checksum and size not updated in repomd.xml which can fail yum install due to checksum doesn\'t match
* NEXUS-37182: Conan search with hosted repo only works for the _ channel
* NEXUS-37315: conan search for hosted repository does not work when package has dependencies defined via \'requires\'
* NEXUS-37454: group blobstore UI Transferred Items title lacks context
* NEXUS-37512: Format specific UI search returns results from different formats
* NEXUS-37563: conan hosted repo does not allow redeploying different configurations of the same package with disable redeploy option
* NEXUS-37895: Data Store UI shows required fields with possibly empty values that cannot be edited- Improvements:
* High availability deployment options with Amazon Web Services, Azure, Kubernetes, or manual setup (PRO Only)
* Supports for Conan revisions for hosted repositories when using an H2 or PostgreSQL database (revisions are not supported on OrientDB) (PRO Only)
* Tue Mar 07 2023 Julio González Gil - 3.49.0.02-1- Update to Nexus 3.49.0-02- Bugfixes:
* NEXUS-30166: Error responses from roles REST API are not in consistent format
* NEXUS-30811: Staging move failing for multi-arch docker image due to NPE
* NEXUS-34600: Unable to add old privileges to role after migrating to postgresql
* NEXUS-36028: enable async batch deletes by default for Admin Cleanup unused asset blob tasks
* NEXUS-36244: Security Users view in the UI queries the database for all user role mappings in the entire database
* NEXUS-36296: Placing proxy repo in offline mode releases quarantined components
* NEXUS-36555: Component links in Browse UI delimit GAV paths with \'%2F\' instead of \'/\'
* NEXUS-36784: Regression: Download asset from UI, the filename contains group id with underscores and then the artifact name
* NEXUS-37385: db-migrator fails if the blob store name contains a colon
* NEXUS-37490: unable to download files when blobstore name contains colon after upgrading to 3.47- Improvements:
* Batch delete is now the default for the \"Admin - Cleanup unused asset blobs\" task (PRO Only)
* Tue Feb 28 2023 Julio González Gil - 3.48.0.01-1- Update to Nexus 3.48.0-01- Bugfixes:
* NEXUS-36573: create a repository of any format triggers a complete Helm index rebuild
* NEXUS-36998: dotnet add command against nuget v2 group repo is very slow on newDB
* NEXUS-37617: loading welcome page can make frequent calls to database which may lead to ui latency in some circumstances
* NEXUS-37810: strict content validation may fail on exe application/x-sharedlib protobuf protoc- Improvements:
* NEXUS-37535: Removed Legacy SQL Maven Metadata Builder
* Improved NuGet v2 Performance on PostgreSQL (PRO Only)
* New and improved Content Replication (PRO Only) While help documentation for legacy replication remains available, it will be unavailable for general use, and will be eventually removed. Reach out to your CSE if you are still using legacy replication and would like to continue using it- Notes: After upgrading to 3.48.0, those using an H2 or PostgreSQL database will need to run a task for each existing Apt, Helm, and Yum repository in order to rebuild their metadata:
* Apt: Rebuild Apt metadata for each Apt repository
* Helm: Rebuild Helm metadata for each Helm repository
* Repair: Rebuild Yum rebuild metadata (repodata) for each Yum repository
* Fri Feb 10 2023 Julio González Gil - 3.47.1.01-1- Update to Nexus 3.47.1-01- Bugfixes:
* NEXUS-37325: MissingBlobException and slow downloads after upgrading to 3.47.0
* Fri Feb 10 2023 Julio González Gil - 3.47.0.01-1- Update to Nexus 3.47.0-01- Bugfixes:
* NEXUS-36506: NonResolvableTarballNameException returned for npm group requests if member proxy is unavailable
* NEXUS-36617: PyPi index not update or generated when importing repository
* NEXUS-36667: logged execution time of database upgrade steps report as seconds when they are actually milliseconds- Improvements:
* NEXUS-34236: Migrate all deletions.indexes, not just the indexes named with the node ID of the instance being migrated to SQL database (PRO only)
* Continued UI Improvements: updated HTTPS Settings and SSL Certificates pages visible to all users
* Thu Feb 09 2023 Julio González Gil - 3.46.0.01-1- Update to Nexus 3.46.0-01- Bugfixes:
* NEXUS-36655: REST API search does not respect maven.extension parameter
* NEXUS-36782: Slow merging of yum group metadata- Improvements:
* Removed Space Remaining Soft Quota for Azure and S3 Blob Stores
* Wed Jan 18 2023 Julio González Gil - 3.45.1.01-1- Update to Nexus 3.45.1-01- Bugfixes:
* NEXUS-36400: Npm package dist-tags are not preserved during repository export/import
* Fri Dec 30 2022 Julio González Gil - 3.45.0.01-1- Update to Nexus 3.45.0-01- Please note new PostgreSQL database user permission requirements introduced as of 3.44.0 that impact your upgrade to 3.45.0. The PostgreSQL user must have CREATE priveleges on the current database due to schema changes made during the upgrade process that have new dependencies- Bugfixes:
* NEXUS-36046: roles ui call to backend is not sending x-nexus-ui request header
* NEXUS-36239: Multiple known issues can lead to data loss, so \"Admin - Change repository blob store\" is now disabled for your protection. All pre-existing tasks of this type will no longer run, and you will not be able to create new ones through either the user interface or API. Sonatype highly discourage you from using this task in earlier Nexus Repository releases where it is not disabled
* Thu Dec 15 2022 Julio González Gil - 3.44.0.01-1- Update to Nexus 3.44.0-01- Bugfixes:
* NEXUS-31363: Remove Quarantined Versions does not update asset attributes.content.etag
* NEXUS-31796: transitive repo group content privileges are not transparently applied to search results causing possible 403 errors in the UI
* NEXUS-33553: Search API returns null for \"lastDownloaded\" field
* NEXUS-34508: Update Stream Filtering on BlobStoreGroupMemberRemovalTask
* NEXUS-34875: docker-nexus3: removal of chef dropped support for NEXUS_CONTEXT
* NEXUS-34950: PyPI package versions published using twine before upgrading to 3.41.0 or later are missing from /simple index preventing discovery by clients
* NEXUS-34969: \"DatastoreFileBlobDeletionIndex - Processing blobstore\" takes long time and block the startup
* NEXUS-35486: Unable to Upload npm package with long buildnumber
* NEXUS-35623: helm proxy fails with large index.yaml (bitnami)
* NEXUS-35867: Group Yum metadata merging failing with OutOfMemoryError in AbstractStringBuilder.hugeCapacity
* NEXUS-35995: Potentially long running query deleting components with repository.cleanup task due to fk_maven2_browse_node_component constraint
* NEXUS-36085: Task creation no longer works with group blob stores
* NEXUS-36154: database migrator may filter out valid components and assets due to \"no repositoryId\"- Improvements:
* Update the Log4J Visualizer user interface to provide new guidance on integrating Nexus Firewall with Nexus Repository
* NEXUS-36180: add configurable cache buster for rapture web UI resources
* NEXUS-36232: prevent automatic search in the UI
* Tue Nov 08 2022 Julio González Gil - 3.43.0.01-1- Update to Nexus 3.43.0-01- Bugfixes:
* NEXUS-31672: Potentially long running query deleting components with repository.cleanup task
* NEXUS-34608: cleanup policies may cause PostgreSQL database connection pool exhaustion and prevent restarts
* NEXUS-34681: Blobstore Group Round Robin should try next blobstore member if one member if full
* NEXUS-34774: Some dependency packages are not downloaded via Nexus Nuget V3 repository
* NEXUS-34950: pypi package versions published using twine before upgrading to 3.41.0 or later are missing from /simple index preventing discovery by clients
* NEXUS-35259: PyPI INDEX type asset is always created by accessing it via group repo
* NEXUS-35492: INSTALL4J_ADD_VM_PARAMS do not override resiliency helm chart jvm arguments defined in nexus.vmoptions
* NEXUS-35515: Cannot cast DetachingList to ArrayList when retrieving Docker proxy repo configuration via REST API
* NEXUS-35530: Maven REPOSITORY_METADATA type asset is always created by accessing it via group repo
* NEXUS-36027: Admin - Cleanup unused asset blobs task may not be able to keep up with the number of newly created unused blobs- Improvements:
* NEXUS-25231: Nexus Repository Now Mirrors PyPI Yank Attribute (PEP 592)
* NuGet V2 Support for H2 and PostgreSQL Database Users (PRO only)
* Upgraded vulnerable Apache Shiro 1.9.1 to 1.10.0 (no reported exploits so far
* Upgraded Jackson Databind from version 2.13.2.1 to 2.13.4.2
* Ugraded SnakeYAML from version 1.28 to 1.32
* Thu Sep 29 2022 Julio González Gil - 3.42.0.01-1- Update to Nexus 3.42.0-01- Bugfixes:
* NEXUS-31088: Helm proxy does not properly handle upstream UTF-8 characters
* NEXUS-31099: Manually scheduled tasks triggered after migration to Postgres
* NEXUS-31188: Nexus Firewall quarantined component returns 404 status through group repository instead of 403
* NEXUS-31891: Performance issue with \"Download cataloged versions only\" and \"Download policy compliant versions\" options
* NEXUS-32449: blobstore outbound http connection or file handle leak while rebuilding Helm index
* NEXUS-32453: Golang metadata in group repos is cached using component max age
* NEXUS-32529: Nexus upgrade can fail with NullPointerException at OrientBlobReconciliationLogMigrator stage.
* NEXUS-33294: Most of docker layer assets are filtered during postgresql migration
* NEXUS-33540: downloadUrl for assets in /rest/v1/search contain extra forward slash after migrating from OrientDB to PostgreSQL
* NEXUS-33917: NPM group repository does not return correct latest version
* NEXUS-33933: Nuget V3 search does not return the expected version against Hosted repository
* NEXUS-34184: log in audit.log components deleted by Cleanup service task
* NEXUS-34242: Elapsed time logged for scheduled tasks is using a time unit that is not human readable
* NEXUS-35082: Instance ID is not preserved during postgres migration
* NEXUS-35218: docker-nexus3 - memory settings no longer removed from nexus.vmoptions- Improvements:
* NEXUS-34932: Upgraded to Jetty 9.4.48.v20220622
* Improvement to Logs for Remove Quarantined Versions Feature (PRO only)
* Search performance improvements
* Thu Aug 25 2022 Julio González Gil - 3.41.1.01-1- Update to Nexus 3.41.1-01- Bugfixes:
* NEXUS-34642: Fix for a critical bug that can cause cleanup policies to unintentionally delete binaries in Nexus Repository Pro deployments which use H2 or PostgreSQL See https://help.sonatype.com/repomanager3/product-information/critical-cleanup-policy-bug-advisory
* Thu Aug 25 2022 Julio González Gil - 3.41.0.01-1- Update to Nexus 3.41.0-01- Bugfixes:
* NEXUS-24499: PyPI Package with single letter names cause 404 to be returned
* NEXUS-27383: Adding helm charts leaves tmp files behind in tmp dir of blobstore
* NEXUS-31314: REST API for Docker Host repo can\'t GET, POST and PUT Allow redeploy only on \'latest\' tag as UI
* NEXUS-31512: Race condition during maven-metadata.xml deployment can cause invalid blob references and 500 response for subsequent GET requests
* NEXUS-31761: DB migrator allows users to connect to the already opened database
* NEXUS-31970: npm group dist-tags endpoint merges duplicate npm tagged versions using highest semantic version instead of first group member resolved version
* NEXUS-32034: IQ Server Page Allows Password Interception on Save/Verify
* NEXUS-32580: db migrator attempts to drop existing SQL database tables by default and can fail
* NEXUS-32613: Can not install specific versions because of broken index type assets for PyPI hosted repository caused by Reconcile task
* NEXUS-32634: Import of ubuntu:22.04 docker image fails with error
* NEXUS-32658: Using REST API to create the same repository twice causes InvalidStateException
* NEXUS-33290: DB migrator: ClassCastException when attributes.content.last_modified is 0
* NEXUS-33541: Integrity check option of Repair - Reconcile component database from blob store task may delete blobs migrated from OrientDB
* NEXUS-33584: /repository/ is not included in the request.log log line when sub-domain routing feature is used
* NEXUS-33613: Nexus System API UI is broken when context path is used
* NEXUS-33733: Cannot create externally mapped role for SAML
* NEXUS-33795: Add debug logging to remove member from blob store group task
* NEXUS-33919: NullPointerException on \"Purge unused snapshots\" task
* NEXUS-33931: cannot create an Azure Blob Store using REST API and environment variable authentication option
* NEXUS-33949: GA level maven metadata files intermittently lose most versions
* NEXUS-34020: Deleting tag results in disassociation attempt against all components- Improvements:
* NEXUS-24127: PyPI repos should provide SHA256 hashes in /simple web interface
* NEXUS-33413: Migrating large database takes many hours
* New Optional Database Migrator Parameters See https://help.sonatype.com/repomanager3/installation-and-upgrades/migrating-to-a-new-database#MigratingtoaNewDatabase-OptionalParametersOptionalParam
* New Admin - delete blobstore temporary files Task If you find that you have excess tmp files for a blobstore, manually schedule and use this task to easily delete all of the tmp files (.bytes and .properties) in a selected blobstore\'s /tmp folder
* Tue Jun 28 2022 Julio González Gil - 3.40.1.01-1- Update to Nexus 3.40.1-01- Bugfixes:
* NEXUS-33568: Fix a bug that prevented downloading and uploading files for those with an H2 or PostgreSQL database who upgraded from 3.39.0 to 3.40.0
* Wed Jun 22 2022 Julio González Gil - 3.40.0.03-1- Update to Nexus 3.40.0-03- Bugfixes:
* NEXUS-26348: Maven Upload generates wrong xsd url
* NEXUS-26519: Cleanup Policy Notes field should be marked as optional
* NEXUS-26584: \'Security management: privileges\' says id when it means name
* NEXUS-27494: Can\'t push image with oci mediatype
* NEXUS-29558: group repo with version policy RELEASE is selectable for Maven - Delete unused SNAPSHOT repository.maven.purge-unused-snapshots task
* NEXUS-31410: Search API returns null for \"lastModified\" field- Improvements:
* NEXUS-33297: Maven Metadata Rebuild Optimizations for SQL Databases (PRO only) If you must revert to the previous legacy SQL implementation, add the following line to /usr/share/nexus3/etc/nexus.properties: nexus.maven.datastore.legacy.rebuild=true
* Docker Subdomain Connector (PRO only)
* Upgrade Database Migrator to Spring 5.3.18
* Wed Jun 22 2022 Julio González Gil - 3.39.0.01-1- Update to Nexus 3.39.0-01- Bugfixes:
* NEXUS-22810: Content selector creation REST API does not check for duplicates
* NEXUS-26811: Importing npm packages from Nexus Repository 2 to 3 should maintain dist-tags
* NEXUS-26846: \"All format\" cleanup policies disappear from repository assignments after editing
* NEXUS-28107: Repository Export allows to select a group repository, but shouldn\'t
* NEXUS-28910: Staging move operations for Maven rebuilds maven metadata for unrelated components resulting in extremely slow operations
* NEXUS-29421: Docker GC task may delete many layers if network/file system issues happened at the scheduled time
* NEXUS-29484: impossible to delete a specific npm package metadata root in some scenarios
* NEXUS-29502: \'CacheInfo missing for\' / \'assuming stale content\' WARNs written to the log when on PostgreSQL
* NEXUS-29639: \"DataStoreNotFoundException: Data store not found: \'null\'\" from Rebuild repository search task
* NEXUS-29786: Nexus throw exception when id of proxy repository id is prefix of hosted one
* NEXUS-30477: RHC report URL does not include context-path
* NEXUS-30537: Repair - Rebuild repository search task fails with \"java.lang.StringIndexOutOfBoundsException: String index out of range: 0\"
* NEXUS-30840: Log4j Visualizer does not match request paths containing non-default webapp context or legacy repo 2 content paths
* NEXUS-30848: Recalculate vulnerabilities statistics task can trigger NullPointerException when reading log files
* NEXUS-30850: Default realm users that differ only by case break the user administration screen in new DB
* NEXUS-30882: The task \"Statistics - recalculate vulnerabilities statistics\" fails with a formatting exception on IPv6 values
* NEXUS-30997: \"GET /nexus/service/extdirect/poll/rapture_State_get\" takes longer when roles have many permissions
* NEXUS-31000: Possible race condition in reconcile component database from blob store task
* NEXUS-31229: /rest/v1/assets REST API may not find assets when using Postgresql database
* NEXUS-31299: Filter in cleanup policy preview causes \"The filter is invalid so results could not be retrieved\"
* NEXUS-31305: The \"lastDownloaded\" field is missing from component/asset REST API\'s when running under PostgreSQL
* NEXUS-31322: docker tags/list outbound paged request can consume all available outbound connections for the proxy repository
* NEXUS-31385: assets stored with empty path in a proxy repo are treated as auditable by repository healthcheck or firewall audit report
* NEXUS-31391: Migration to Postgres not preserving asset creation, update and download
* NEXUS-31395: Docker uploads serialized, can cause performance bottleneck
* NEXUS-31396: Requesting GA maven-metadata.xml checks all GAVs under the repository
* NEXUS-31501: Unused Content Selectors and duplicate permissions are used for the permission check
* NEXUS-31567: NuGet v3 thread cooperation exceptions on /index.json{}
* NEXUS-31573: Orient->Postgres DB migration does not update ID sequence
* NEXUS-31579: Conan search does not work if package name contains “-“
* NEXUS-31586: Docker - Delete unused manifests and images fails with \"java.lang.IllegalStateException: Unit of work has not been set\"
* NEXUS-31601: repository target patterns are migrated to content selectors with leading slash breaking the intended meaning
* NEXUS-31713: Repository Replication: Deleting an asset stops the replicator with NullPointerException
* NEXUS-31887: escalation: docker gc task query cannot finish even with large timeout on query- Improvements:
* NEXUS-11610: register Eclipse Jetty related JMX mbeans by default in Repo 3
* NEXUS-31071: Database backup tasks will no longer interrupt a long-running \"Repair: Reconcile component database from blob\" storage task
* NEXUS-31198: Improved Resiliency/Disaster Recovery for File Blob Stores
* View Nexus, Audit, Cluster, and Task Logs in User Interface
* Thu Mar 31 2022 Julio González Gil - 3.38.1.01-1- Update to Nexus 3.38.1-01- Bugfixes:
* NEXUS-31030: Cannot save edits to a blobstore with whitespace in the name
* NEXUS-31201: Running the Repair - Reconcile component database from blob store task on H2 or PostgreSQL databases no longer generates duplicate blobs
* Fix ea bug that prevented the Log4j Visualizer from rendering in 3.38.0- Improvements:
* Expanded Log4j Visualizer: Added a Log4j Consumption chart to help you see if your organization\'s vulnerable log4j component consumption is trending in the right direction
* Improvements to Policy-Compliant Component Selection for npm (PRO only)
* Upgraded PostgreSQL Driver from 42.2.25 to 42.3.3 (PRO only)
* Thu Mar 03 2022 Julio González Gil - 3.38.0.01-1- Update to Nexus 3.38.0-01- Bugfixes:
* NEXUS-30443: Fix for CVE-2021-43961 (HTML injection vulnerability). You should upgrade to this release immediately.
* NEXUS-20683: API: Searching requires permissions from role that can view every artifact returned in results (admin)
* NEXUS-24232: npm package metadata does not get updated when a package tarball is deleted
* NEXUS-24787: an anonymous docker pull while anonymous user is configured to use docker bearer token realm will permanently break all future anonymous docker logins
* NEXUS-25925: Cleanup policy criteria error if you enter a decimal rather than validate/disallow
* NEXUS-25927: Switching format errors on save if unapplicable criteria are applied
* NEXUS-26134: Password Validator Message not shown when changing your password
* NEXUS-26406: Cleanup Preview should inform the user results are a sample
* NEXUS-26799: Entering newlines in content selector expression text area
* NEXUS-27035: Cannot delete untouched Routing Rule matchers
* NEXUS-27512: Log spam when processing non-timestamped snapshots during metadata rebuild
* NEXUS-28009: Admin - Remove a member from a blob store group processes docker partial uploads
* NEXUS-28166: Yum metadata not refreshed because of relying on \"metadata_generation_time\"
* NEXUS-28446: Maven proxy repository will return 502 response instead of 404 when manually blocked for content not yet cached
* NEXUS-28555: Upgrade from 2 -> 3 can migrate user email addresses that Nexus Repository 3 considers not valid
* NEXUS-28889: Some Debian Packages fail to upload (control.tar.zst)
* NEXUS-29151: IQ policy violations column displays \"Loading\" for non-admin user
* NEXUS-29227: WARN PoolBase Failed to validate connection org.postgresql.jdbc.PgConnection (This connection has been closed.). Possibly consider using a shorter maxLifetime value
* NEXUS-29408: npm group REST API missing when using Postgres/H2 database
* NEXUS-29410: DB migrator NotEnoughDiskSpaceException does not mention which location
* NEXUS-29417: Nexus DB migrator fails if asset name is not set/empty
* NEXUS-29465: Go-group returns 404 for all existing/proxied components (regression)
* NEXUS-29467: replication performance impacts due to frequent database transactions
* NEXUS-29477: deleting the current \"latest\" tgz version from an NPM hosted repo removes the latest tag instead of replacing it with newest published version
* NEXUS-29738: Maven checksum files should be able to be rebuilt even if repository disables redeploy
* NEXUS-30043: Yum hosted metadata cleanup causes IllegalStateException Missing entity-metadata when there are at least two hosted repositories
* NEXUS-30109: Repair - Reconcile component database from blob store task does not restore blobs created while running a different database type
* NEXUS-30153: Nexus Repository 3 may not be installable / upgradable if it uses PostgreSQL with non \"public\" schema
* NEXUS-30366: Routing rules not taking effect for docker when running with external db
* NEXUS-30448: Rebuilding maven-metadata.xml on slower PostgreSQL could take extremely long time
* NEXUS-30534: Docker Proxy S3 - Exception pulling pulling an image which has the same checksum as an existing image
* NEXUS-30687: Blob storage management screen no longer shows if blob store is in use
* NEXUS-30694: Sorting Maven components with Version returns unpredictable order in some cases
* NEXUS-30807: Nexus Repository fails to create user-token record when using PostgresDB for some users
* NEXUS-30834: Log4j Visualizer: log4j-core-2.16.0 is counted even though it doesn\'t have CVE-2021-44228
* NEXUS-30845: request log scanner for log4j visualizer may discard IO exceptions instead of logging them
* NEXUS-30847: Statistics - Recalculate vulnerabilities statistics task is scheduled to run at midnight which conflicts with log rotation
* NEXUS-30898: System - Repository Health Check task not deleted when the associated repository is deleted
* NEXUS-30911: 401 response from a remote docker registry will cause an already cached docker asset to be reported as 404 not found
* NEXUS-30912: Database upgrade to upgrade replication_connection schema does not trigger
* NEXUS-30934: Setting \"NEXUS_SEARCH_INDEX_REBUILD_ON_STARTUP\" environment variable does not rebuild indexes
* NEXUS-30978: Partial metadata generated for empty yum folder/path
* NEXUS-31035: Database Migrator health check reports \"Cluster consistency error: null\"
* NEXUS-31057: Pypi simple index should be proper HTML5 document to be PEP503 compliant and ready for pip version 22.2 and newer
* NEXUS-31233: Adjustments to Read-Only View- Improvements:
* System Status Check for NuGet Versions (PRO ony)
* Redesign of the replication: The current replication method will not be supported after the new replication is released, later in 2022 (PRO only)
* Added GET Method to Repository Management API
* Expanded Assets API
* Apple M1 Chip Support for building
* NEXUS-28833: \'GitHub Packages\' based npm proxy repos causes the long hashed tgz filename/path generation.
* NEXUS-29730: support for running on apple m1 chip
* NEXUS-30524: Yum cleanup policy support for \"Asset Name Matcher\" criteria
* NEXUS-30575: Expose \'Uploader ID\' in API
* Thu Dec 30 2021 Julio González Gil - 3.37.3.02-1- Update to Nexus 3.37.3-02- Bugfixes:
* Update to the text on the Log4j Visualizer screen
* Thu Dec 30 2021 Julio González Gil - 3.37.2.02-1- Update to Nexus 3.37.2-02- Improvements:
* New Log4j Visualizer: In response to the recently reported vulnerability in Apache\'s \"Log4j2\" logging utility (CVE-2021-44228, also known as \"log4shell\"), Sonatype is providing a Log4j Visualizer for a limited time to all Nexus Repository OSS and Pro users. The Log4j Visualizer will provide insight into Maven log4j component downloads impacted by CVE-2021-44228 in your organization
* Sat Dec 18 2021 Julio González Gil - 3.37.1.01-1- Update to Nexus 3.37.1-01- Bugfixes:
* logback library update to fix a low/moderate vulnerability, as a precautionary measure. No known exploit of Nexus Repository via logback at this time.
* Fri Nov 26 2021 Julio González Gil - 3.37.0.01-1- Update to Nexus 3.37.0-01- Bugfixes:
* NEXUS-17624: YUM repomd.xml not deleted from empty level-1 hosted repository
* NEXUS-19089: large set of dirs/files under directpath/nexus-repository-docker dir
* NEXUS-21878: failing to start one docker connector on startup prevents all other not started docker connectors from starting
* NEXUS-22125: Unable to query image tags via Registry API for proxied gcr.io
* NEXUS-26970: Docker proxy repository returns 502 when remote returns 401
* NEXUS-27033: Deploy of newly tagged multiarch manifest not permitted when redeploy is disabled
* NEXUS-27631: Download of docker manifest via UI fails if there is no history in the manifest
* NEXUS-27674: Unable to download conda component that was released from quarantine
* NEXUS-27788: \"Docker - Delete incomplete uploads\" task blocks all docker uploads
* NEXUS-28717: \"Docker - Delete unused manifests and images\" task attempts to read files from the wrong Blob Store.
* NEXUS-28855: Blob store space used constraint says “in MB” but it stores in bytes
* NEXUS-28918: Search API does not sort alpha-numeric versions correctly
* NEXUS-28921: Browse page is empty after migrating to the New DB because Rebuild repository browse tree task fails to be stored due to long name
* NEXUS-29234: java.lang.NumberFormatException for S3 blob stores on upgrade
* NEXUS-29342: Yum generated temp files are not deleted
* NEXUS-29343: Intermittent MissingBlobExceptions for Concurrent Requests
* NEXUS-29380: NX3: reconcile from blob store task can generate invalid npm version entries in metadata
* NEXUS-29433: fetching identical group npm package metadata concurrently can result in uncooperative threads and increased blobstore and database load- Improvements:
* NEXUS-16580: Migrate nx2 artifact information to nx3 during migration
* NEXUS-27145: Allow rebuild maven metadata task to fix invalid blob references for maven-metadata.xml
* NEXUS-28844: option to rebuild npm package metadata per repo or package
* NEXUS-28896: improve INSERT performance into format specific browse_node tables
* New \"Repair - Rebuild npm metadata\" Task
* The \"Repair - Rebuild Maven repository metadata\" Task Fixes Invalid Blob References for maven-metadata.xml
* Retain Information About Assets Migrated from Nexus Repository Version 2 to Version 3
* Improved S3 Blob Store Performance
* Replication Support for NuGet and PyPI (PRO only)
* Improved Performance for those Migrating to Nexus Repository 3 with an External PostgreSQL Database (PRO only)
* Improved Resilient Deployment Options (PRO only)
* Tue Nov 09 2021 Julio González Gil - 3.36.0.01-1- Update to Nexus 3.36.0-01- Bugfixes:
* NEXUS-29088: Running the replication backfill blob attributes task will now process all blobs as expected.
* NEXUS-29319: This release includes a security fix for an incorrect access control. See the CVE-2021-42568 for full details.
* NEXUS-29407: This release includes a security fix for a server side request forgery vulnerability. See CVE-2021-43293 for full details.
* NEXUS-21814: Repair - Reconcile component database from blobstore may not process PyPI assets correctly
* NEXUS-27629: logging is too verbose when the submitted application id from npm audit is not found in the connected IQ server
* NEXUS-28714: Content validation does not work properly for OCI
* NEXUS-28717: \"Docker - Delete unused manifests and images\" task attempts to read files from the wrong Blob Store.
* NEXUS-28779: Use cases for name and type properties for datastores can be confusing
* NEXUS-29338: Image push after Nexus Repository upgrade not possible- Improvements:
* NEXUS-24332: Optimized How Yum Metadata is Rebuilt
* Faster Migration from Nexus Repository 2 to Nexus Repository 3
* Replication Improvement: Use Truststore Certificates for Replication Connection (PRO only)
* Improvements to Database Migration to H2 or PostgreSQL (PRO only) > Added OrientDB Health Check to Database Migration (PRO only) > NEXUS-28789: Added Nexus Repository Database Version Check PRO (PRO only)
* Documentation Improvement: New Resiliency Example Using Azure (PRO only)
* Thu Oct 14 2021 Julio González Gil - 3.35.0.02-1- Update to Nexus 3.35.0-02- Bugfixes:
* NEXUS-20284: Default content type for raw repositories is now \"text/plain\"
* NEXUS-26313: WWW-AUTHENTICATE header does not include needed scope of token
* NEXUS-26642: A removed docker asset at a remote will cause an already cached docker asset to be removed from a proxy repository when component age expires
* NEXUS-27125: npm proxy repo audit requests may trigger IllegalStateException Missing org.sonatype.nexus.repository.view.matchers.token.TokenMatcher$State while getting cached content
* NEXUS-27318: Maven - Publish Maven Indexer files task leaks inputstream
* NEXUS-27372: Delete of npm package tarball silently fails if the version isn\'t in package root metadata
* NEXUS-27628: Application id is not logged at any level when provided by npm audit command
* NEXUS-28166: Yum metadata not refreshed because of relying on \"metadata_generation_time\"
* NEXUS-28621: Nexus DB Migrator 3.33.0 fails with java.lang.StringIndexOutOfBoundsException error
* NEXUS-28805: Migrator attempts to migrate tagged components before tags have been processed resulting in NullPointerException executing step processComponentStep
* NEXUS-28842: Github npm package registry does not work with Nexus Repo 3
* NEXUS-28898: Contention rebuilding Maven hosted archetype-catalog.xml during repository 2 to 3 migration
* NEXUS-28908: Stuck RUNNABLE postgresql queries on SocketInputStream.socketRead0(Native Method)
* NEXUS-28922: Azure Blobstore creation fails with using Nexus 3.34.0-01 with PostgresDB- Improvements:
* NEXUS-16580: Migrate nx2 artifact information to nx3 during migration
* NEXUS-28686: Provide an option to not migrate repository content for repositories that are selected for migration from repo 2 to repo 3
* NEXUS-28891: Avoid building browse feature information during repository 2 to 3 migration to improve migration performance
* NEXUS-28924: Option to force the migration process to end without abort before all content is migrated
* Firewall Integration Improvement: Policy-Compliant Component Selection for npm
* Faster Imports with Hardlink Support for All Formats
* Improvements to Repository Replication (PRO only): > Replicator Now Supports Docker and npm Formats > Replicator Now Runs Continuously by Default > New Replication Administrator Role
* Updated Database Migrator for Easier Migration Between PostgreSQL and H2 Databases (PRO only)
* Conan Hosted Support for PostgreSQL and H2 Databases (PRO only)
* Sun Sep 26 2021 Julio González Gil - 3.34.1.01-1- Update to Nexus 3.34.1-01- Bugfixes:
* NEXUS-28768: To facilitate migrating from Nexus Repository 2 to Nexus Repository 3, the npm package.json author field can now accept both map and string values
* NEXUS-28815: NullPointerException at com.sonatype.nexus.migration.repository.migrators.datastore.NpmRepositoryMigrator.recordMetadata
* NEXUS-28821: org.sonatype.nexus.datastore.api.DuplicateKeyException in org.sonatype.nexus.repository.content.browse.store.BrowseNodeStore.mergeBrowseNode- Improvements:
* NEXUS-28522: change the default location for storing import task metadata
* NEXUS-28819: log in repo 3 application log the 2 to 3 migration state to make it easy to determine why migration cannot be ended gracefully
* Sun Sep 05 2021 Julio González Gil - 3.34.0.01-1- Update to Nexus 3.34.0-01- Bugfixes:
* NEXUS-27932: \"Manifest invalid\" message when running the Docker GC task.
* NEXUS-28394: Last downloaded field not properly updating when installing or downloading through R proxy
* NEXUS-28458: logged ERROR LastShutdownTimeServiceImpl \'Failed to process file - Assuming no previous start time\' on startup
* NEXUS-28620: Nexus Database Migrator fails when symlink is used for data directory or data directory not in standard location
* NEXUS-28807: Nexus-3-0 Stage-release Violations - 08/27/21 12:19 AM
* NEXUS-28808: Policy violation of com.thoughtworks.xstream : xstream: 1.4.17
* NEXUS-28853: This release includes a security fix for an HTTP header injection. See the CVE-2021-40143 advisory for full details. If you are using an earlier version, you should upgrade to this release immediately- Improvements:
* NEXUS-28266: make S3 Connection Time to Live (TTL) setting configurable to help avoid socket connect timeouts
* Repository Replication (PRO only)
* NEXUS-28780: New Formats Supported for PostgreSQL and H2 Databases (PRO only): > NEXUS-28677: CocoaPods Format support in Postgres (PRO only) > NEXUS-28678: Go Format support in Postgres (PRO only) > NEXUS-28781: Rubygems Format support in Postgres (PRO only)
* Fri Sep 03 2021 Julio González Gil - 3.33.1.01-1- Update to Nexus 3.33.1-01- Bugfixes:
* NEXUS-28081: Nexus 2 migration to Nexus 3 fails due to permissions of unsupported formats on PostgreSQL databases- Improvements:
* Updated Eclipse Jetty Version to 9.4.43.v20210629
* Changes to Cloud Resiliency Architecture Example: remove the dependency on Amazon Elastic File System (EFS). The improved example provides new YAML files to help you set up Fluent Bit and CloudWatch in order to externalize your logs. This will allow you to capture comprehensive logs even if Nexus Repository runs on separate nodes within the same day.
* Thu Aug 05 2021 Julio González Gil - 3.33.0.01-1- Update to Nexus 3.33.0-01- Bugfixes:
* NEXUS-27428: redundant download count attribute for NuGet v3
* NEXUS-28277: Fetching group npm package metadata concurrently can cause OConcurrentModificationException
* NEXUS-28362: slow request processing due to group trying to locate blobs in the wrong blobstore
* NEXUS-28381: Webhook ConnectionPoolTimeoutException: Timeout waiting for connection from pool after sending 20 requests
* NEXUS-28442: XSS injection- Improvements:
* NEXUS-28543: Conda Format support in Postgres (PRO only)
* NEXUS-28544: Git LFS Format support in Postgres (PRO only
* NEXUS-28545: R Format support in Postgres (PRO only
* NEXUS-28561: Conan Format support in Postgres (PRO only
* NEXUS-28562: npm format support in Postgres (PRO only
* Improvements to Resilient Nexus Repository Deployment Architecture
* Fri Jul 09 2021 Julio González Gil - 3.32.0.03-1- Update to Nexus 3.32.0-03- Bugfixes:
* NEXUS-27469: Using AzureBlobStore causes docker image upload failure with \'digest invalid\' error
* NEXUS-27617: Unable to configure SAML on docker image due to bug in included OpenJDK
* NEXUS-27753: The latest package version doesn\'t change in package root after component deleting
* NEXUS-28247: Docker GC Task incorrectly removing manifests and layers- Improvements:
* NEXUS-28203: Replication (Product Preview, PRO only)
* NEXUS-28205: APT Format support in PostgreSQL
* Fri Jun 25 2021 Julio González Gil - 3.31.1.01-1- Update to Nexus 3.31.1-01- Bugfixes:
* CVE-2021-34553: Information disclosure vulnerability fixed. Sonatype Nexus Repository 3 up to 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a crafted GET request) without having been granted access.
* NEXUS-28078: Docker - Delete unused manifests and images task may delete referenced layers if the database query to select components encounters limits
* Thu Jun 17 2021 Julio González Gil - 3.31.0.01-1- Update to Nexus 3.31.0-01- Bugfixes:
* NEXUS-26177: Deleting an npm repository or invalidating the cache breaks npm audit.
* NEXUS-26312: \"Last downloaded\" not updating consistently in NuGet.
* NEXUS-26358: WARN messages from SupportRestorer Can\'t find file to restore data
* NEXUS-27614: PyPI can swallow errors when the simple index is being re-written.
* NEXUS-26683: \"Remove a member from a blob store group\" task can\'t remove a blob store if one bytes file is missing
* NEXUS-26732: Race Condition in Docker format can cause assets to be mistakenly deleted.
* NEXUS-26737: Deleting manifest with Docker API does not delete all tags.
* NEXUS-26829: Copy and config links incorrect for nuget V3 proxy repos
* NEXUS-26845: HTTP error status code not logged on proxy repository automatic blocking
* NEXUS-26938: Use HEAD request to determine whether remote content has changed instead of conditional GET to avoid hitting DockerHub rate limit prematurely.
* NEXUS-26971: Incorrect results can be returned when using npm show with group repositories.
* NEXUS-27014: Cleanup policies and tasks do not fully consider Docker layers can be referenced by manifests in other repositories.
* NEXUS-27015: IllegalArgumentException on Publish Maven Index task.
* NEXUS-27130: GA maven-metadata.xml fails to refresh if a GAV is deleted via Browse\'s \"Delete Folder\" button
* NEXUS-27182: Blob paths traversal
* NEXUS-27427: Blank values for NuGet attributes.
* NEXUS-27436: npm metadata rebuild failing due to NPE.
* NEXUS-27563: S3 connection pool exhaustion when merging repomd.xml in group repositories.
* NEXUS-27564: Yum Group repomd.xml merge connection pool exhaustion causes problems.- Improvements:
* NEXUS-20252: Support Staging with PyPI format.
* NEXUS-23959: Define BlobStoreApiSoftQuota type allowableValues
* NEXUS-24311: Added hardlinks to import/export.
* NEXUS-26617: Upgrade karaf to 4.3.0
* NEXUS-26931: Added UI validation to ensure container name is all lower case alphanumeric.
* NEXUS-27597: Add ability to run `Repair - Reconcile component database from blob store` against a subset by time
* NEXUS-27683: StorageFacetCleanupTaskManager should remove & schedule task.
* NEXUS-27953: Upgrade Eclipse Jetty to 9.4.42.v20210604.
* Fri Apr 23 2021 Julio González Gil - 3.30.1.01-1- Update to Nexus 3.30.1-01- Bugfixes:
* Security fix for CVE-2021-30635 (Information Disclosure). See https://support.sonatype.com/hc/en-us/articles/1500006879561 for details.
* Security fix for CVE-2021-29159 (XSS vulnerability). See https://support.sonatype.com/hc/en-us/articles/1500005031082 for details.
* Security fix for CVE-2021-29158 (Sensitive Information Disclosure). See https://support.sonatype.com/hc/en-us/articles/1500006126462 for details.
* NEXUS-27384: Upgrade Eclipse Jetty to 9.4.40.v20210413
* NEXUS-26789: Performance improvement to rebuilding GA maven-metadata.xml
* NEXUS-26501: Package content is out of specification when downloading from NuGet hosted
* NEXUS-27013: Raw proxy is encoding slashes for outbound requests
* NEXUS-26855: Non-indexed raw proxy repositories cannot be browsed
* Fri Mar 05 2021 Julio González Gil - 3.30.0.01-1- Update to Nexus 3.30.0-01- Bugfixes:
* NEXUS-12022: Allow configuring HTTPS Maven proxy repositories with pre-emptive authentication
* NEXUS-18610: Raw proxy errors on URL encoded space and plus (+) characters
* NEXUS-19181: staging NullPointerException when moving docker assets via DockerComponentDirector.maybeCopyAssets
* NEXUS-23750: Does not support npm GitHub Package Registry
* NEXUS-24485: Docker Manifest generation is incorrect for Redeploy Disabled repositories.
* NEXUS-25148: Incremental yum rebuilds with only COMPS files are ignored
* NEXUS-25501: Logout with anonymous off fires JS error, can malform page
* NEXUS-25626: Docker redeploy on the latest tag fails when more than one tag exists for the image
* NEXUS-25733: NuGet v3 repository index.json generation
* NEXUS-25783: Browse of NuGet packages from visual studio fails if user doesn\'t have browse privileges to all group members
* NEXUS-25784: Browse request to NuGet v3 search URL in group fails completely if one of the group\'s members has DNS lookup failure
* NEXUS-25868: Podman push of new image tag fails when docker cli push succeeds for the same actions
* NEXUS-25904: The \"admin - change repository blob store\" task should not allow selection of a promoted blob store
* NEXUS-25908: nuget restore does not resolve inbound normalized package versions to unnormalized published versions using NuGet v3
* NEXUS-25924: If the remote of a NuGet v3 proxy is not reachable it breaks requests to a NuGet group
* NEXUS-25985: \"Docker - Delete unused manifests and images\" task deletes digest manifests referenced by other manifests
* NEXUS-26003: Helm proxy : difference between helm index file and real artifact url
* NEXUS-26036: wrong issuer displayed for trusted SSL certificates
* NEXUS-26093: Create proxy repository in API UI fails due to password missing from Authentication JSON
* NEXUS-26099: No way to set \"useTrustStore\" in proxy repository REST API
* NEXUS-26118: pip search does not work
*via
* NXRM PyPI proxy to NXRM PyPI repository and authentication is required
* NEXUS-26129: Promoting a nested blob store causes it to be removed entirely
* NEXUS-26132: upgrade of NXRM 2 to NXRM 3 maven assets fails due to IllegalStateException: Missing {attributes:checksum} sha256
* NEXUS-26315: Cleanup Policy List shows Error 500 after Upgrade 3.28.0 to 3.29.2
* NEXUS-26355: sha512 or sha256 hashes are processed by expensive repository content validation
* NEXUS-26379: DockerFacetUtils.findAssetByContentDigest() causes poor performance under load
* NEXUS-26453: saving the s3 blobstore config can break async tmp blob deletes by not restarting the async delete thread pool
* NEXUS-26473: Thread cooperation does not work when recovering from missing blobs in proxy repositories
* NEXUS-26483: Nexus UI causes Uncaught TypeError when the username contains \'api\' string with privilege \'nx-api-reader\'
* NEXUS-26504: Newly created compact blob store task has \"multinode=true\"
* NEXUS-26605: Rebuild metadata fails to rebuild corrupt metadata files
* NEXUS-26611: conda proxy repositories do not support inbound conditional HTTP GET HEAD
* NEXUS-26676: IllegalOperationException: Repair - Rebuild Maven repository metadata- Improvements:
* NEXUS-24446: Add Azure Blob Storage support to NXRM blob store
* NEXUS-25275: improve docker repository human readable error response messages
* NEXUS-25623: Provide a different status than Quarantined for components Pending Quarantine
* NEXUS-25909: Protect inbound HTTPS connections against Weak Diffie-Hellman Keys and Logjam by default
* NEXUS-26196: Allow enabling truststore with Repository Management REST API
* NEXUS-26319: remove reference to sonatype-public-grid from pom files
* NEXUS-26606: Upgrade Eclipse Jetty to 9.4.38.v20210224
* Fri Jan 08 2021 Julio González Gil - 3.29.2.02-1- Update to Nexus 3.29.2-02- Bugfixes:
* NEXUS-26251: Interface for Cleanup Policies erroneously interprets and persists values as seconds instead of days. If you installed 3.29.1 and modified or created a cleanup policy you must confirm that these fields have the intended values.
* Fri Dec 25 2020 Julio González Gil - 3.29.1.01-1- Update to Nexus 3.29.1-01- Bugfixes:
* NEXUS-24391: \'Destination already contains component\' error when using staging API
* NEXUS-25504: Unable to pull images from hosted docker repo after move to new blobstore
* NEXUS-25600: Repository Import Ignores Validation
* NEXUS-25611: Installing via helm proxy errors if not using official remote
* NEXUS-25801: Group repository registration API requests may fail
* NEXUS-25902: Source blob store is not logged in repository move task
* NEXUS-25903: Repository blob store set incorrectly after error in \"admin - change repository blob store\" task
* NEXUS-25936: npm audit fails with 500 response using group and anonymous
* Sat Dec 05 2020 Julio González Gil - 3.29.0.02-1- Update to Nexus 3.29.0-02- Bugfixes:
* NEXUS-16575: Raw repo url returns Error 404
* NEXUS-19840: /service/metrics/healthcheck returns 500 status code if a single healthcheck fails. It is deprecated now and scheduled for removal. It is recommended to use the alternative endpoint /service/rest/v1/status/check which has a near equivalent JSON response, except it does not return 500 status when one or more system status checks fail
* NEXUS-23733: Creating more than one file based blobstore using the same root path is not prevented
* NEXUS-23827: PACKAGES.gz cannot be updated if repository doesn\'t allow redeploy
* NEXUS-24331: deployment of rpm to a single directory causes metadata rebuild for entire repository
* NEXUS-24913: npm audit caching prevents policy updates
* NEXUS-25105: HTTP 500 response when attempting to delete LDAP user via REST API
* NEXUS-25116: Getting Metadata hashes via a Maven group returns 404 Not found
* NEXUS-25147: Rebuild metadata task leaves sha256 and sha512 files untouched for metadata files
* NEXUS-25158: HeaderPatternFilter may reject implicit Host value due to certain combinations of X-Forwarded headers
* NEXUS-25186: possible that requests abruptly terminating will not appear in request.log
* NEXUS-25291: NuGet V3 Proxy can be configured only using a specific remote in UI field
* NEXUS-25292: Bad blob file reference breaks repository export
* NEXUS-25304: Health check details can fail with NPE if IQ server is setup but disabled
* NEXUS-25357: NuGet Proxy does not work with some third-party V3 repositories
* NEXUS-25420: NXRM to NXRM Nuget v3 proxying still results in direct requests to nuget.org
* NEXUS-25464: Blob reference not updated in asset after change repository
* NEXUS-25478: Nuget V3 Group packages incorrectly sorted in page causing some installs to fail
* NEXUS-25502: yum metadata is rebuilt after downloading it which can cause build failures
* NEXUS-25510: Error Response Code 429 (Rate Limiting) does not autoblock
* NEXUS-25521: Encoded proxy URL causes startup failure
* NEXUS-25527: Crowd \"Verify connection\" button deletes all inputted values
* NEXUS-25529: Security management: Users API does not show \"externalRoles\" for Crowd
* NEXUS-25575: Password Validator Message not shown when changing your password.
* NEXUS-25604: Some newly deployed rpm files not showing up in primary.xml.gz, despite logging saying they are being added
* NEXUS-25605: Proxy repositories to github package registry can fail query requests when accessed in a group repository
* NEXUS-25609: Exception processing payloads for a single NuGet group member repository can stop all group member processing
* NEXUS-25628: yum metadata missing provides entries when multiple versions are provided by a package
* NEXUS-25650: Nexus-3-0 Develop Violations - 10/29/20 12:15 AM
* NEXUS-25775: WARN messages WebResourceServiceImpl - Overlapping resources on path /static/img/sonatype-logo-with-hexagon.png
* NEXUS-25829: CVE-2020-29436: Fixes an XXE Vulnerability
* NEXUS-25830: ClassCastException Long cannot be cast to Date for NuGet v3 registrations index
* NEXUS-25928: Nexus-3-0 Develop Violations - 11/19/20 12:14 AM- Improvements:
* NEXUS-14631: Add more attributes to REST resource for asset
* NEXUS-19021: Nothing is logged at default levels when roles are added or removed
* NEXUS-20267: only allow the most secure cipher suites and TLS protocol versions for inbound HTTPS connections by default. See also NEXUS-25786 below.
* NEXUS-25307: Protect against deletion of related blob stores while the Change Repo Blob Store task is executing
* NEXUS-23331: Add the support of helm push plugin
* NEXUS-25423: Add caching of catalog dates for npm component queries to IQ
* NEXUS-25424: Add configuration for Orient\'s \"network.binary.maxLength\"
* NEXUS-25506: change the Remote URL of the default nuget.org-proxy proxy repository to api version 3 compatible https://api.nuget.org/v3/index.json. Applies only to new installations. Upgrading will not modify any existing remote URLs, although users are encouraged to start migrating away from using NuGet V2 API URLs such as the previous default (https://www.nuget.org/api/v2/).
* NEXUS-25774: upgrade Eclipse Jetty to 9.4.33.v20201020
* NEXUS-25786: explicitly disable TLS 1.0 and 1.1 for inbound HTTPS connections by default. Only applies to Eclipse Jetty-based direct inbound HTTPS connections (no reverse proxy). You are encouraged to use the new settings, but if for some reason you still the new TLS versions or cipher suites, check https://support.sonatype.com/hc/en-us/articles/213465098
* Wed Oct 28 2020 Julio González Gil - 3.28.1.01-1- Update to Nexus 3.28.1-01- Bugfixes:
* NEXUS-25507: Fixed an issue that caused the Change repository blob store task to spawn too many threads.
* Fri Oct 02 2020 Julio González Gil - 3.28.0.01-1- Update to Nexus 3.28.0-01- Bugfixes:
* NEXUS-21107: Raw repo folders with special characters created using UI cannot be deleted
* NEXUS-23968: PyPiHostedFacet does not delete TempBlob on getIndex
* NEXUS-23977: Large docker image upload does not work well with slow inbound network
* NEXUS-24227: archetype-catalog.xml is imported by import task to a maven repository
* NEXUS-24682: Helm repositories require the packages to be relative to the index.yaml
* NEXUS-24718: Running \"docker delete unused manifests and images\" task when blob storage is not available deletes all layers
* NEXUS-24830: npm audit error with quarantined components
* NEXUS-24833: After doing \"Export assets\" task then \"Import external files\" does not preserve lastBlobUpdated (last_updated)
* NEXUS-24846: Wrong Timezone used for Apt Release file
* NEXUS-24868: Group does not export semver2 endpoints `RegistrationsBaseUrl/Versioned` when used as NuGet V3
* NEXUS-24916: SAML configuration error root causes are swallowed and not logged at default levels
* NEXUS-24918: npm audit should not fail if package.json contains a dependency that can\'t be found
* NEXUS-24998: Continuation token fails intermittently with 406 response but then eventually works.
* NEXUS-24999: query params for yum related db query not logged
* NEXUS-25036: repositories with version policy of RELEASE should avoid processing any SNAPSHOT related requests
* NEXUS-25039: Download of docker tags from hosted repository can fail with 400 response
* NEXUS-25156: Npm Audit doesn\'t fail fast when no IQ server is configured
* NEXUS-25190: Newly deployed RPM files do not always appear in yum metadata files
* NEXUS-25294: DockerFacetUtils.findAssetByContentDigest NXRM 3.0.0-M7 backwards compatibility code is non-performant under load
* NEXUS-25296: 502 error if a nuget-v3 group contains a proxy with different nuget version
* NEXUS-25340: IllegalArgumentException: Invalid range for Docker Pushes
* NEXUS-25347: org.eclipse.jetty loggers do not log messages if levels are edited
* NEXUS-25378: docker PUT and PATCH requests may write to the same blob causing docker pushes to fail due to InvalidContentException: Content type could not be determined- Improvements:
* NEXUS-24842: Slow performance pushing large images to S3 based blobstore
* NEXUS-12016: Moving repositories between blob stores (PRO only)
* NEXUS-14448: Include IQ link in Maven output when a component blocked by Firewall
* NEXUS-18283: Ability to Add Custom AWS S3 Regions to Blobstore Configuration
* NEXUS-19858: Confirmation when promoting a blob store
* NEXUS-24904: nxrm 3.26.0 introduces new ERROR level log messages from org.eclipse.jetty.util.log.StdErrLog
* NEXUS-25099: Group deployment for NPM (PRO only)
* NEXUS-25117: add configurability to how S3 temporary blobs are deleted
* NEXUS-19572: Go specific search- Other:
* NEXUS-25336: Replace Google (Guava) Supplier with Java Supplier, people consuming or implementing them will need to update those usages to java.util.function.Supplier.
* NEXUS-25209: Use DB-agnostic TempBlob where possible. Any scripts or third party plugins using org.sonatype.nexus.repository.storage.TempBlob will need to change to use of org.sonatype.nexus.repository.view.payloads.TempBlob.
* NEXUS-25162: Consolidate implementations of WritePolicy. org.sonatype.nexus.repository.storage.WritePolicy has been moved to org.sonatype.nexus.repository.config.WritePolicy. This will impact any groovy scripts using the org.sonatype.nexus.script.plugin.RepositoryApi to create repositories.
* Sat Sep 05 2020 Julio González Gil - 3.27.0.03-1- Update to Nexus 3.27.0-03- Bugfixes:
* NEXUS-24298: Yum proxy needs to be more lenient about gzip encoding
* NEXUS-24464: NuGet Signature validation goes out to https://api.nuget.org
* NEXUS-24691: OCI annotations result in errors
* NEXUS-24802: Spurious warnings logged when running reconcile task against group blob store
* NEXUS-24837: Metadata query cache age and Maximum metadata age timeouts are ignored for metadata requests
* NEXUS-24869: Moving away from the Logging page asks \"Unsaved changes\"
* NEXUS-24901: some rpms in a yum hosted repo are not added to a rebuilt hosted repo primary.xml metadata file
* NEXUS-24917: npm audit fails for packages that are not all lowercase
* NEXUS-24925: Unneeded JSESSIONID cookies returned
* NEXUS-24988: Snapshot remover deletes GAV level maven-metadata.xml files, resulting in 404 responses
* NEXUS-25019: CVE-2020-24622: S3 secret key can be exposed by admin user- Improvements:
* NEXUS-10471: Allow deployment to Docker group repositories (PRO only)
* NEXUS-21118: remove reference to deprecated Jetty socket linger time soLingerTime
* NEXUS-25098: REST API for Conda repositories
* Sun Aug 16 2020 Julio González Gil - 3.26.1.02-1- Update to Nexus 3.26.1.04-1- Bugfixes:
* NEXUS-24867: Fix an issue starting server when multiple SSL certificates are present in the configured keystore.
* Tue Aug 11 2020 Julio González Gil - 3.26.0.04-1- WARNING: Eclipse Jetty Version may Require Configuration Change On Upgrade Check https://issues.sonatype.org/browse/NEXUS-24867 for details or update straight to 3.26.1.02-1- Update to Nexus 3.26.0-04- Bugfixes:
* NEXUS-23065: `Docker - Delete incomplete uploads` task will stop if it errors reading a single asset
* NEXUS-23417: During upgrade of PyPI proxy in 3.22, browse nodes are rebuilt too quickly.
* NEXUS-24226: Prometheus metrics endpoint may be using more CPU than expected.
* NEXUS-24317: NuGet v3 proxy: index.json still available after remote changing
* NEXUS-24592: CVE-2020-15868 - Access controls bypass
* NEXUS-24601: Search API sorting doesn\'t work
* NEXUS-24619: Export filenames that are supported in windows (and import those files properly as well)
* NEXUS-24671: Audit log is not recording events even if feature is enabled- Improvements:
* NEXUS-24788: Import and Export for Docker, PyPI, Rubygems and Yum (PRO only)
* NEXUS-23928: Update /beta/repositories REST endpoints updated to /v1. Beta endpoints still work.
* NEXUS-23930: Update v1 REST endpoints for Security API. Beta endpoints still work.
* NEXUS-24416: Yum repodata metadata handles multiple level rebuild better
* NEXUS-24858: Repair - Reconcile component database from blob store task now includes NuGet format
* Fri Jul 31 2020 Julio González Gil - 3.25.1.04-1- Bugfixes:
* NEXUS-24711: Fix UI login when using custom web context paths
* Thu Jul 30 2020 Julio González Gil - 3.25.1.02-1- WARNING: A critical bug has been discovered in version 3.25.1-02, if a custom web context path is being used (e.g. \"/nexus\") UI logins will not work. This is not the case with default installations performed by this package. But if you are using a custom web context wait until NEXUS-24711 is fixed with a new release- Update to Nexus 3.25.1-02- Bugfixes:
* NEXUS-24596: CVE-2020-15871 Remote Code Execution vulnerability (https://support.sonatype.com/hc/en-us/articles/360052192693)- Improvements:
* NEXUS-24488: Avoid excessive database queries in OSSIndex integration
* NEXUS-24489: Batch requests from browse UI for OSSIndex
* NEXUS-24128: REST API delete requests for Maven components can have slow performance
* NEXUS-24112: Staging move of Maven components can be very slow due to metadata rebuilds
* NEXUS-24612: Unable to browse repository - OssIndexVulnerabilityClient Timeout
* Tue Jul 14 2020 Julio González Gil - 3.25.0.03-1- Update to Nexus 3.25.0-03- Bugfixes:
* NEXUS-20640: docker push may fail with blob upload unknown due to race condition
* NEXUS-20829: Correct the upgrade screen to state that multiple upgrades from Nexus 2.x to 3.y is not supported.
* NEXUS-23550: p2 proxy repository does not work with IQ update site
* NEXUS-23759: context missing from MavenRestoreBlobStrategy - Skipping as no maven coordinates found and is not maven metadata
* NEXUS-23830: docker anonymous pull fails with 401 when user tokens are enabled
* NEXUS-23887: LDAP connection UI looks broken, constantly prompts for password
* NEXUS-23895: Save of LDAP user and group settings fails with error.
* NEXUS-24098: Snapshot GAV metadata rebuilt incorrectly if packaging has multiple segments
* NEXUS-24124: OCI - Docker repos should respect accept headers
* NEXUS-24132: Import Attributes fail if an asset has a null componentId
* NEXUS-24194: NuGet V3 Hosted - Search prerelease flag does not work
* NEXUS-24222: Reduce likelihood of OOM when accessing NuGet feed
* NEXUS-24248: NuGet v3 proxy fails to work with HA-C
* NEXUS-24267: download of podspec.json file through proxy repo which does not exist at the remote causes NullPointerException and 500 status code
* NEXUS-24283: Repository export errantly tries to validate delta files for every asset, even in other repositories
* NEXUS-24334: NPM Audit logs error on retrieving package
* NEXUS-24355: Nuget V3 - Impossible to use hosted/group/proxy as remote for proxy
* NEXUS-24457: npm package metadata dist-tags section can be empty when merged from a group repository member group repository- Improvements:
* NEXUS-10886: NuGet v3 JSON format support
* NEXUS-10886: Iport for npm and NuGet formats (PRO only)
* NEXUS-20642: add thread id to audit log entries
* NEXUS-24256: Enforce Password Complexity Requirement
* NEXUS-24568: Cache npm audit results to improve performance
* NEXUS-23923: Email REST API out of beta
* NEXUS-24288: OSS Index Link Integration (OSS Only)
* Sat Jun 13 2020 Julio González Gil - 3.24.0.02-1- Update to Nexus 3.24.0-02- Bugfixes:
* NEXUS-17288: Image broken on logger edit
* NEXUS-19529: viewing the UI repositories list will trigger s3 blobstore metrics retrieval even if that blobstore is not used
* NEXUS-23071: /beta/repositories/{format}/group/{repositoryName} example model is wrong
* NEXUS-23082: Update embedded Java version to latest Java 8
* NEXUS-23418: rest api proxy repository httpClient authentication does not take effect
* NEXUS-23551: Yum Authenticating against RHEL servers in AWS
* NEXUS-23712: items added or removed from yum metadata files when metadata is rebuilt may not be logged
* NEXUS-23761: beta/repositories/{format}/hosted/{repositoryName} has invalid parameters in example
* NEXUS-23800: Race condition in lazy maven metadata rebuild causes build failures, slow builds
* NEXUS-23872: Unable to set repository HTTP client auth via REST
* NEXUS-23903: long running database queries for docker repositories can lead to thread and db connection pool exhaustion
* NEXUS-23980: \'USER_ROLE_MAPPING\' was not found in database \'component\' exceptions seen with docker- Improvements:
* NEXUS-23588: Repository Management API missing yum proxy
* NEXUS-23650: Allow REST API to Enable/Disable Anonymous Access
* NEXUS-23798: REST API to enable User Tokens
* NEXUS-23854: Export for Raw and Maven formats (Pro Only)
* NEXUS-23870: \"Node already has an asset\" for browse tree rebuild should not fail Transactions status check
* NEXUS-23897: Memory settings in docker image are too low
* NEXUS-23970: NuGet v3 Hosted
* NEXUS-24091: REST API for Cocoapods repositories
* NEXUS-24092: REST API for Raw repositories
* NEXUS-24093: REST API for RubyGems repositories
* Wed May 06 2020 Julio González Gil - 3.23.0.03-1- Update to Nexus 3.23.0-03- Bugfixes:
* NEXUS-23360: Docker: Infinite loop for authorization to registry.connect.redhat.com
* NEXUS-23548: Helm Chart Repository API version format incorrect
* NEXUS-20349: NuGet repository returns multiple versions as islatest=true
* NEXUS-23420: NonResolvablePackageException thrown when downloading a package through the PyPI group
* NEXUS-23398: Retrieval of some packages from PyPI fails
* NEXUS-23487: PyPI repository returns 500 error response if remote returns an invalid response.
* NEXUS-23379: Invalid content returned through proxy prevents valid content from being retreived
* NEXUS-23616: Blob Store API allows users to create a blobstore without path- Improvements:
* NEXUS-11468: Import for Raw and Maven formats (requires Pro license)
* NEXUS-16954: Nexus Intelligence via npm audit
* NEXUS-21087: (Docker) Support OCI registry format
* NEXUS-23436: Clearer anonymous panel for upgrade wizard
* Fri Apr 17 2020 Julio González Gil - 3.22.1.02-1- Update to Nexus 3.22.1-02- Bugfixes
* CVE-2020-11753: Improper access controls allowed privileged user to craft requests in such a manner that scripting tasks could be created, updated or executed without use of the user interface or REST API
* NEXUS-23281: Requesting a SNAPSHOT artifact from a RELEASE Repo returns HTTP 400
* NEXUS-23348: SAML - New UI Login SSO Button does not respect the nexus-context-path
* NEXUS-23352: Conan integration in 3.22.0 does not handle Header Only packages
* NEXUS-23359: SAML - NPE thrown if IdP metadata does not contain SingleLogoutService element
* NEXUS-23399: NuGet v3 proxy repository will not serve cached content if remote is blocked
* NEXUS-23441: Already cached NuGet v2 proxy repository content will return 502 if Component Max Age expires and the remote is not available
* NEXUS-23504: Privileged user can create, modify and execute scripting tasks
* NEXUS-23556: CVE-2020-11415: LDAP system credentials can be exposed by admin user- Improvements:
* NEXUS-23396: Admin - Cleanup repositories using their associated policies task should lazily mark maven metadata for rebuild
* Sat Mar 28 2020 Julio González Gil - 3.22.0.02-1- Update to Nexus 3.22.0-02- Bugfixes
* CVE-2020-11444: Improper access controls allowed authenticated users to craft requests in such a manner that configuration for other users in the system could be affected
* NEXUS-16159: \"Require user tokens for repository authentication\" now enforced properly
* NEXUS-19437: a blobstore in any other state than STARTED cannot be removed
* NEXUS-21011: Compact blob store task cannot hard delete blob assets when the blobstore is out of space
* NEXUS-21808: DockerTokenDecoder.dumpToken(String) method may fail to parse docker bearer tokens causing IndexOutOfBoundsException
* NEXUS-22054: \"Repair - reconcile component database from blob store\" task does not remove invalid component db references.
* NEXUS-22245: Cannot Delete NPM Scoped Folder via UI
* NEXUS-22602: Running metadata rebuild task with GA restrictions fails
* NEXUS-22666: concurrent uploads to the same maven GA may result in 500 response due to OConcurrentModificationException
* NEXUS-22669: First staging move to npm hosted repo fails with 500 error.
* NEXUS-22729: Cleanup Policy task results in removal of maven-metadata from non-timestamped snapshots
* NEXUS-22760: POST /service/extdirect/poll/rapture_State_get lists all tasks from the database
* NEXUS-22770: Change in stored Pypi proxy package paths creates duplicate assets and breaks browse node creation
* NEXUS-22802: AnonymousSettings.jsx does not respect nexus-context-path
* NEXUS-22853: Too many tasks scheduled if an upgrade requires rebuilding the browse_node table
* NEXUS-22896: performance regression in search REST API
* NEXUS-23048: Problem proxying NuGet packages hosted by GitHub Packages
* NEXUS-23072: Anonymous Access icon missing
* NEXUS-23104: Offline repositories allow UI upload
* NEXUS-23236: org.sonatype.nexus.quartz.internal.orient.JobStoreImpl is a concurrency bottleneck
* NEXUS-23272: Inability to add
* permission to user on 3.21.2- Improvements
* NEXUS-5716: add a way to configure default privileges for any signed-in users
* NEXUS-20939: SAML integration
* NEXUS-22820: Process search index updates in the background in a non-blocking fashion
* NEXUS-21910: Additional REST provisioning support for npm, NuGet and PyPI repositories
* Tue Mar 24 2020 Julio González Gil - 3.21.2.03-1- Update to Nexus 3.21.2-03- Bugfixes
* NEXUS-23205: Disabled Groovy Scripting By Default. In order to make NXRM more secure, Groovy scripting engine is now disabled by default. This affects Groovy scripts as used through the REST API and through scheduled tasks. Scripts which are present from an upgraded version will continue to be executable but their script source will not editable. For more information (including how to re-enable Groovy scripting), see https://issues.sonatype.org/browse/NEXUS-23205
* Sat Feb 29 2020 Julio Gonzalez Gil - 3.21.1.01-1- Update to Nexus 3.21.1-01- Remove a broken menu entry incorrectly appearing for some users
* Sat Feb 29 2020 Julio Gonzalez Gil - 3.21.0.05-1- Update to Nexus 3.21.0-05- Bugfixes:
* NEXUS-18186: Disabling redeploy for a private Docker repo breaks the \"latest\" tag
* NEXUS-21730: Audit log does not log all attributes for repository change events
* NEXUS-21329: \"Remove a member from a blob store group\" task processes missing files in the source blob store
* NEXUS-18905: Cleanup tasks fail with \"No search context found for id\" error
* NEXUS-13306: Usernames containing non URL safe characters cannot authenticate using the Crowd realm
* NEXUS-16009: Browse tree for NuGet proxy repositories shows packages that are not locally cached
* NEXUS-22051: PyPI group merge is not case sensitive
* NEXUS-22351: R PACKAGES file lost on upgrade to 3.20.x
* NEXUS-17477: Unable to install hosted gem which has multiple version requirements
* NEXUS-22052: Yum Metadata not rebuilt after staging deletion of rpm- Improvements:
* NEXUS-11730: Support for proxying p2 repositories. p2 is a technology for provisioning and managing Eclipse- and Equinox-based applications
* NEXUS-13325: Helm is the first application package manager running atop Kubernetes(k8s). It allows describing the application structure through convenient helm-charts and managing it with simple commands
* NEXUS-10886: NuGet V3 Proxy support gives Nexus Repository Manager users access to the up-to-date V3 API. This is the first part of a wider initiative to bring full V3 support, group and hosted will follow in future releases
* NEXUS-16251: Provide a common facility to allow RPM clients to get GPG keys to verify package signatures in remote repositories.
* NEXUS-13434: Provide npm cli ping support
* Fri Feb 28 2020 Julio Gonzalez Gil - 3.20.1.01-2- Clean up spec and fix to build all distributions at OpenBuildService- Enable building and installation for Amazon Linux >= 2- Enable building and installation for for openSUSE Tumbleweed/Factory
* Mon Jan 27 2020 Julio Gonzalez Gil - 3.20.1.01-1- Update to Nexus 3.20.1-01- Bugfixes:
* NEXUS-22249: An error may occur when starting NXRM Pro due to race condition around the license loading.
* NEXUS-22241: During the upgrade process from older releases (3.19.0 and before), NXRM may throw an exception when updating PyPI database configuration.
* Mon Jan 27 2020 Julio Gonzalez Gil - 3.20.0.04-1- License for Nexus OSS is EPL-2.0 as stated at https://blog.sonatype.com/2012/06/nexus-oss-switched-to-the-eclipse-public-license-a-clarification-and-an-observation/ and it is since 2012. Mistake inherited from the original packages from Jens Braeuer.- Update to Nexus 3.20.0-04- Bugfixes
* NEXUS-21311: Yum and CentOS 8
* NEXUS-21371: npm package metadata does not return correct status code sometimes
* NEXUS-19811: Offline and misconfigured blob store should be noted in UI
* NEXUS-21368: Proxy repository removes get-params from HTTP sources
* NEXUS-22144: Slow performance displaying content selectors in UI
* NEXUS-21306: Cannot proxy Docker repository on Bintray
* NEXUS-21315: Extremely slow processing in \"Docker - Delete unused manifests and images\" task
* NEXUS-21672: Group repo with proxy repo member to remote group repo responds 404 when remote group repo responds \"403 Requested item is quarantined\"
* NEXUS-18117: PyPI ignoring python_requires metadata
* NEXUS-20705: Index can contain absolute URLs which bypass Nexus Repository Manager
* NEXUS-21589: Repository health check can fail if the same asset exists in more than one repository
* NEXUS-14233: Support managing Realms via the REST API
* NEXUS-21138: Snapshot remover leaves maven-metadata.xml files deleted for a long time, breaking builds
* NEXUS-12488: Remote https repository with TLS client certificate loaded in NXRM JVM keystore not trusted
* NEXUS-20140: 500 Server Error shown in Chrome console when accessing Support Status page- Improvements
* NEXUS-20269: jetty-http-redirect-to-https.xml removed and its use discouraged Startup will fail if your configuration references jetty-http-redirect-to-https.xml Check https://support.sonatype.com/hc/en-us/articles/360037845633 if that is the case
* NEXUS-19424 : Ability to Clean Up by \"Never downloaded\"
* NEXUS-9837: R Format Support
* NEXUS-12456: Enhanced npm login for private repository usages
* NEXUS-13433: npm whoami support
* NEXUS-20268: HSTS enabled by default for Inbound Jetty HTTPS connectors See https://support.sonatype.com/hc/en-us/articles/360024943193
* Thu Oct 17 2019 Julio Gonzalez Gil - 3.19.1.01-1- Update to Nexus 3.19.1-01- Bugfixes
* NEXUS-21381: Prevent Docker Proxy Repository throwing null pointer exceptions and blocking some image pulls after upgrade
* Thu Oct 17 2019 Julio Gonzalez Gil - 3.19.0.01-1- Update to Nexus 3.19.0-01- Bugfixes
* NEXUS-10679: NPM repos don\'t handle HEAD requests
* NEXUS-19102: Unable to proxy private Azure (ACR) registry- Improvements
* NEXUS-19970: CocoaPods Format Support
* NEXUS-19866: Conda Format Support
* NEXUS-9862: New abilities for adding and removing \"distribution tags\" into npm metadata via the npm CLI
* NEXUS-17797: S3 peerformance improvements, support for encrypted S3 buckets, use of custom encryption keys, simplified permission testing, and essential improvements to storage space metrics
* NEXUS-19120: Added support for Docker Foreign Layers. Nexus Repository Manager users can now proxy docker images with foreign layers when pulling Microsoft Windows images.
* NEXUS-19144, NEXUS-19142, NEXUS-19143, NEXUS-19145, NEXUS-19146, NEXUS-16734: Enhanced REST API endpoints for initial provisioning and maintenance of Nexus Repository Manager
* NEXUS-20682: Go Format Data Integration
* NEXUS-19525: Multi-policy Cleanup
* Tue Aug 20 2019 Julio Gonzalez Gil - 3.18.1.01-1- Update to Nexus 3.18.1-01- Bugfixes
* NEXUS-20674: Fixed an exception occurring when a user manually logs out of the user interface.
* NEXUS-19235: Propagates the quarantine status code when NXRM proxies another NXRM with Firewall enabled.
* Mon Aug 19 2019 Julio Gonzalez Gil - 3.18.0.01-1- Update to Nexus 3.18.0-01- Bugfixes
* NEXUS-10252: \"Invalid authentication ticket\" error on password change
* NEXUS-14729: Regression: Nexus 3 returns 501, 400 and 204 responses for MKCOL requests
* NEXUS-15878: UI poll requests iterates over all privileges.
* NEXUS-19618: Expensive, error prone check done for content validation of checksums
* NEXUS-20014: browse operations can be slower than expected with many content selectors
* NEXUS-20104: OrientDB database backups default compression level and buffer size are not optimized
* NEXUS-20139: Repair - Rebuild repository search queries are not optimized, potentially impacting other search operations
* NEXUS-20360: request.log is no longer included in support zips
* NEXUS-20453: Browse operations can be very slow when using content selector permissions
* NEXUS-20479: Stored XSS Vulnerabilities (eventually public)- Improvements
* NEXUS-19954: Increase the default maximum heap and direct memory sizes
* NEXUS-20100: allow customizing compression level and buffer size of Orient database checkpoint during upgrade using system properties
* Fri Aug 16 2019 Julio Gonzalez Gil - 3.17.0.01-1- Update to Nexus 3.17.0-01- Password for admin user at new installations is now random and can be found at /var/lib/nexus3/admin.password (https://help.sonatype.com/repomanager3/installation/post-install-checklist for more details)
* Fri Aug 16 2019 Julio Gonzalez Gil - 3.16.2.01-1- Update to Nexus 3.16.2-01
* Fri Apr 26 2019 Julio Gonzalez Gil - 3.16.1.02-1- Update to Nexus 3.16.1-02
* Fri Apr 26 2019 Julio Gonzalez Gil - 3.16.0.01-1- Update to Nexus 3.16.0-01
* Tue Mar 12 2019 Julio Gonzalez Gil 3.15.2.01-1- Update to Nexus 3.15.2-01
* Sat Jan 26 2019 Angelo Verona - 3.15.1.01-1- Update to Nexus 3.15.1-01- Do not replace modified config files
* Mon Jan 14 2019 Angelo Verona - 3.15.0.01-1- Update to Nexus 3.15.0-01
* Mon Oct 29 2018 Wojciech Urbański - 3.14.0.04-1- Update to Nexus 3.14.0-04
* Tue Sep 04 2018 Wojciech Urbański - 3.13.0.01-1- Update to Nexus 3.13.0-01
* Mon Jun 25 2018 Julio Gonzalez - 3.12.1.01-1- Update to Nexus 3.12.1-01
* Sat May 26 2018 Anton Patsev - 3.12.0.01-1- Update to Nexus 3.12.0-01
* Fri May 11 2018 Anton Patsev - 3.11.0.01-1- Update to Nexus 3.11.0-01
* Fri Apr 20 2018 Pavel Zhbanov - 3.10.0.04-1- Update to Nexus 3.10.0-04
* Sat Mar 10 2018 Julio Gonzalez - 3.9.0.01-1- Update to Nexus 3.9.0-01
* Sat Mar 10 2018 Julio Gonzalez - 3.8.0.02-1- Update to Nexus 3.8.0-02
* Tue Jan 02 2018 Julio Gonzalez - 3.7.1.02-1- Update to Nexus 3.7.1-02
* Tue Jan 02 2018 Julio Gonzalez - 3.7.0.04-1- Update to Nexus 3.7.0-04- Warning: 3.7.0-04.1 is affected by issue https://issues.sonatype.org/browse/NEXUS-15278, it is highly recommended you install 3.7.1-02-1 if you have offline repositories
* Sat Dec 30 2017 Anton Patsev - 3.6.2.01-2- Stop requiring sysvinit compatibility for systemd- Add systemd service
* Thu Dec 28 2017 Julio Gonzalez - 3.6.2.01-1- Start using Fedora/RHEL release conventions- Fix problems on RPM removals- Make the package compatible with SUSE and openSUSE
* Sun Dec 24 2017 Julio Gonzalez - 3.6.2-01- Update to Nexus 3.6.2-01
* Sat Dec 02 2017 Anton Patsev - 3.6.0-01- Update to Nexus 3.6.1-02- Fix source- Use package name to configure user to run Nexus- Require Java 1.8.0
* Sat Dec 02 2017 Julio Gonzalez - 3.6.0-02- Update to Nexus 3.6.0-02
* Sat Dec 02 2017 Julio Gonzalez - 3.5.2-01- Update to Nexus 3.5.2-01
* Sat Dec 02 2017 Julio Gonzalez - 3.5.1-02- Update to Nexus 3.5.1-02
* Thu Aug 03 2017 Julio Gonzalez - 3.5.0-02- Update to Nexus 3.5.0-02
* Sat Jul 29 2017 Julio Gonzalez - 3.4.0-02- Update to Nexus 3.4.0-02
* Sat Jul 29 2017 Julio Gonzalez - 3.3.2-02- Update to Nexus 3.3.2-02
* Sat May 20 2017 Julio Gonzalez - 3.3.1-01- Update to Nexus 3.3.1-01
* Sat May 20 2017 Julio Gonzalez - 3.3.0-01- Update to Nexus 3.3.0-01
* Sat May 20 2017 Julio Gonzalez - 3.2.1-01- Update to Nexus 3.2.1-01
* Sat May 20 2017 Julio Gonzalez - 3.2.0-01- Update to Nexus 3.2.0-01
* Sat Nov 12 2016 Julio Gonzalez - 3.1.0-04- Update to Nexus 3.1.0-04
* Fri Apr 08 2016 Julio Gonzalez - 3.0.0-03- Initial packaging for Nexus 3.x
  
ICM